mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

Bootstrap (#22)

Browse source 
* bootstrap rolle hinzugefügt

* playbook bootstrap + master angepasst
This commit is contained in:
Quotengrote 2020-08-29 20:57:14 +02:00 committed by GitHub
parent 807332bb74
commit f5248e88d9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 1060 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
playbooks/base/0_master.yml
View file

@ -1,4 +1,5 @@
--- ---
- import_playbook: 1_bootstrap.yml
- import_playbook: 2_packages.yml - import_playbook: 2_packages.yml
- import_playbook: 3_base.yml - import_playbook: 3_base.yml
- import_playbook: 4_create_user.yml - import_playbook: 4_create_user.yml

21
playbooks/base/1_bootstrap.yml
View file

@ -1,28 +1,11 @@
--- ---
############################################################# - hosts: lxc-test.grote.lan
# Wenn das OS ProxMox ist:
# vorher PVE-Nag-Buster ausführen
# wget https://raw.githubusercontent.com/foundObjects/pve-nag-buster/master/install.sh
# bash install.sh
# rm install.sh
#############################################################
- hosts: all
become: yes become: yes
gather_facts: false gather_facts: false
max_fail_percentage: 20% max_fail_percentage: 20%
pre_tasks:
- name: install python
raw: test -e /usr/bin/python || ( apt update && apt install python -y ) # noqa 301 301
- name: erstelle "/etc/sudoers"
file:
path: /etc/sudoers
state: touch
# - name: install sudo
# raw: test -e /usr/bin/sudo || ( apt update && apt install sudo -y ) # noqa 301 301
- name: gather facts
setup:
roles: roles:
- { role: robertdebock.bootstrap, tags: "bootstrap" }
- { role: nickjj.ansible-user, tags: "ansible-user" } - { role: nickjj.ansible-user, tags: "ansible-user" }
vars: vars:

6
roles/robertdebock.bootstrap/.ansible-lint Normal file
View file

@ -0,0 +1,6 @@
#
# Ansible managed
#
exclude_paths:
- ./meta/preferences.yml
- ./molecule/default/verify.yml

2
roles/robertdebock.bootstrap/.github/FUNDING.yml vendored Normal file
View file

@ -0,0 +1,2 @@
---
github: robertdebock

31
roles/robertdebock.bootstrap/.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View file

@ -0,0 +1,31 @@
---
name: Bug report
about: Create a report to help me improve
---
## Describe the bug
A clear and concise description of what the bug is.
## Playbook
Please paste the playbook you are using. (Consider `requirements.yml` and
optionally the command you've invoked.)
```yaml
---
YOUR PLAYBOOK HERE
```
## Output
Show at least the error, possible related output, maybe just all the output.
## Environment
- Control node OS: [e.g. Debian 9] (`cat /etc/os-release`)
- Control node Ansible version: [e.g. 2.9.1] (`ansible --version`)
- Managed node OS: [e.g. CentOS 7] (`cat /etc/os-release`)
Please consider [sponsoring me](https://github.com/sponsors/robertdebock).

19
roles/robertdebock.bootstrap/.github/ISSUE_TEMPLATE/feature_request.md vendored Normal file
View file

@ -0,0 +1,19 @@
---
name: Feature request
about: Suggest an idea for this project
---
## Proposed feature
A clear and concise description of what you want to happen.
## Rationale
Why is this feature required?
## Additional context
Add any other context about the feature request here.
Please consider [sponsoring me](https://github.com/sponsors/robertdebock).

11
roles/robertdebock.bootstrap/.github/pull_request_template.md vendored Normal file
View file

@ -0,0 +1,11 @@
---
name: Pull request
about: Describe the proposed change
---
**Describe the change**
A clear and concise description of what the pull request is.
**Testing**
In case a feature was added, how were tests performed?

7
roles/robertdebock.bootstrap/.github/settings.yml vendored Normal file
View file

@ -0,0 +1,7 @@
---
#
# Ansible managed
#
repository:
description: Prepare your system to be managed by Ansible.
homepage: https://robertdebock.nl/

22
roles/robertdebock.bootstrap/.github/workflows/galaxy.yml vendored Normal file
View file

@ -0,0 +1,22 @@
---
#
# Ansible managed
#
name: Release to Ansible Galaxy
on:
push:
tags:
- '*'
schedule:
- cron: '2 2 2 * *'
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: galaxy
uses: robertdebock/galaxy-action@1.0.1
with:
galaxy_api_key: ${{ secrets.galaxy_api_key }}

78
roles/robertdebock.bootstrap/.github/workflows/molecule.yml vendored Normal file
View file

@ -0,0 +1,78 @@
---
#
# Ansible managed
#
name: Ansible Molecule
on:
push:
tags_ignore:
- '*'
pull_request:
schedule:
- cron: '2 2 2 * *'
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
with:
path: "${{ github.repository }}"
- name: molecule
uses: robertdebock/molecule-action@2.6.1
with:
command: lint
test:
needs:
- lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
config:
- image: "alpine"
tag: "latest"
- image: "alpine"
tag: "edge"
- image: "amazonlinux"
tag: "1"
- image: "centos"
tag: "7"
- image: "centos"
tag: "latest"
- image: "debian"
tag: "latest"
- image: "debian"
tag: "bullseye"
- image: "fedora"
tag: "31"
- image: "fedora"
tag: "latest"
- image: "opensuse"
tag: "latest"
- image: "ubuntu"
tag: "latest"
- image: "ubuntu"
tag: "bionic"
- image: "ubuntu"
tag: "xenial"
steps:
- name: checkout
uses: actions/checkout@v2
with:
path: "${{ github.repository }}"
- name: disable apparmor for mysql
run: sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
- name: parse apparmor for mysql
run: sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld
- name: molecule
uses: robertdebock/molecule-action@2.6.1
with:
image: ${{ matrix.config.image }}
tag: ${{ matrix.config.tag }}
options: "--parallel all"
env:
TOX_PARALLEL_NO_SPINNER: 1

4
roles/robertdebock.bootstrap/.gitignore vendored Normal file
View file

@ -0,0 +1,4 @@
.molecule
*.log
*.swp
.tox

44
roles/robertdebock.bootstrap/.travis.yml Normal file
View file

@ -0,0 +1,44 @@
---
#
# Ansible managed
#
language: python
python:
- "3.8"
services:
- docker
env:
global:
namespace="robertdebock"
matrix:
- image="alpine" tag="latest"
- image="alpine" tag="edge"
- image="amazonlinux" tag="1"
- image="centos" tag="7"
- image="centos" tag="latest"
- image="debian" tag="latest"
- image="debian" tag="bullseye"
- image="fedora" tag="31"
- image="fedora" tag="latest"
- image="opensuse" tag="latest"
- image="ubuntu" tag="latest"
- image="ubuntu" tag="bionic"
- image="ubuntu" tag="xenial"
cache:
- pip
install:
- pip install --upgrade pip
- pip install tox
script:
- function retry { counter=0 ; until "$@" ; do exit=$? ; counter=$(($counter + 1)) ; if [ $counter -ge 3 ] ; then return $exit ; fi ; done ; return 0; } ; retry tox --parallel all
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
slack: "AEo3BmfzYciKxvEhGfhFzpKs9Lvw5uN5yetaMvDWkpoQ2IxuTj3SZIg2VEFBgvg/w9R5ICPcegwymqL8Yq9/PdDGRIFw1LFnL7azHKL+m6AQYrw+vzBEEfZX/IVMqpsV9+feEi+D7+w1gGh3XcqcgNXHT0K022wkSG2inn/7hYdSqNAg8lTQ8Ba7EEi5q/coVZhInaF0NcD2b78KbPsRU13esoJHZpwR/emBBhVN/TUEfRyYotPDy3fT62Im3rokcLorz6mExZzT4Z3lj82erOjZjDJBsl94JjJF8XzeOrwJefgBdPJa7fkliuJFJC66ofQU8LZGFRv2XkABYDRUtOmGB/fhe9KSzBFUlcGUdawrlv3o5+u5R1Faz8Ic/BVb7I3Nt79zjgoUR0SeLuUieUK7a7FAOYtX0YO+A+PHlkvf2hzLAqQp0tn0et8pmCt5gyJL3zsi/UK7xGOeezB5o771sd5Ac21qv89TOR8ybrV1K/ATczIaDE61QOxW0VfbXbAeQXWYVWa6XIgdIWGbwsCTQIk0HPXju4kZxsqBbM0U/cOXOhHFLegi0KRULkSZOd9M+ZqTK6Zc62oVFC5SqA9t+jozO3hcB8XB/hmT6YW3pBYM0E1p1MFB+aWArb4WGoaBC4aAM8C5cj/HH1Bl0I+Yo5GXNXuklxHKX21g9l8="
email: false

12
roles/robertdebock.bootstrap/.yamllint Normal file
View file

@ -0,0 +1,12 @@
---
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
line-length: disable
truthy: disable

46
roles/robertdebock.bootstrap/CODE_OF_CONDUCT.md Normal file
View file

@ -0,0 +1,46 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behaviour that contributes to creating a positive environment include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behaviour by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/

76
roles/robertdebock.bootstrap/CONTRIBUTING.md Normal file
View file

@ -0,0 +1,76 @@
# [Please contribute](#please-contribute)
You can really make a difference by:
- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. (Have a look at the [known issues](https://github.com/search?q=user%3Arobertdebock+is%3Aissue+state%3Aopen).)
- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code.
I'll try to help and take every contribution seriously.
It's a great opportunity for me to learn how you use the role and also an opportunity to get into the habit of contributing to open source software.
## [Step by step](#step-by-step)
Here is how you can help, a lot of steps are related to GitHub, not specifically my roles.
### [1. Make an issue.](#1-make-an-issue)
When you spot an issue, [create an issue](https://github.com/robertdebock/ansible-role-bootstrap/issues).
Making the issue help me and others to find similar problems in the future.
### [2. Fork the project.](#2-fork-the-project)
On the top right side of [the repository on GitHub](https://github.com/robertdebock/ansible-role-bootstrap), click `fork`. This copies everything to your GitHub namespace.
### [3. Make the changes](#3-make-the-changes)
In you own GitHub namespace, make the required changes.
I typically do that by cloning the repository (in your namespace) locally:
```
git clone git@github.com:YOURNAMESPACE/ansible-role-bootstrap.git
```
Now you can start to edit on your laptop.
### [4. Optionally: test your changes](#4-optionally-test-your-changes)
Install [molecule](https://molecule.readthedocs.io/en/stable/) and [Tox](https://tox.readthedocs.io/):
```
pip install molecule tox ansible-lint docker
```
And run `molecule test`. If you want to test a specific distribution, set `image` and optionally `tag`:
```
image=centos tag=7 molecule test
```
Once it start to work, you can test multiple version of Ansible:
```
image=centos tag=7 tox
```
### [5. Optionally: Regenerate all dynamic content](#5-optionally-regenerate-all-dynamic-content)
You can use [Ansible Generator](https://github.com/robertdebock/ansible-generator) to regenerate all dynamic content.
If you don't do it, I'll do it later for you.
### [6. Make a pull request](#6-make-a-pull-request)
[GitHub](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork) on pull requests.
In the comment-box, you can [refer to the issue number](https://help.github.com/en/github/writing-on-github/autolinked-references-and-urls) by using #123, where 123 is the issue number.
### [7. Wait](#7-wait)
Now I'll get a message that you've added some code. Thank you, really.
CI starts to test your changes. You can follow the progress on Travis.
Please consider [sponsoring me](https://github.com/sponsors/robertdebock).

202
roles/robertdebock.bootstrap/LICENSE Normal file
View file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2020 Robert de Bock (robert@meinit.nl)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

156
roles/robertdebock.bootstrap/README.md Normal file
View file

@ -0,0 +1,156 @@
# [bootstrap](#bootstrap)
Prepare your system to be managed by Ansible.
|Travis|GitHub|Quality|Downloads|Version|
|------|------|-------|---------|-------|
|[![travis](https://travis-ci.com/robertdebock/ansible-role-bootstrap.svg?branch=master)](https://travis-ci.com/robertdebock/ansible-role-bootstrap)|[![github](https://github.com/robertdebock/ansible-role-bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-bootstrap/actions)|[![quality](https://img.shields.io/ansible/quality/21642)](https://galaxy.ansible.com/robertdebock/bootstrap)|[![downloads](https://img.shields.io/ansible/role/d/21642)](https://galaxy.ansible.com/robertdebock/bootstrap)|[![Version](https://img.shields.io/github/release/robertdebock/ansible-role-bootstrap.svg)](https://github.com/robertdebock/ansible-role-bootstrap/releases/)|
## [Example Playbook](#example-playbook)
This example is taken from `molecule/resources/converge.yml` and is tested on each push, pull request and release.
```yaml
---
- name: Converge
hosts: all
become: yes
gather_facts: no
roles:
- role: robertdebock.bootstrap
```
The machine may need to be prepared using `molecule/resources/prepare.yml`:
```yaml
No preparation required.
```
For verification `molecule/resources/verify.yml` run after the role has been applied.
```yaml
---
- name: Verify
hosts: all
become: no
gather_facts: yes
tasks:
- name: test connection
ping:
```
Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles.
## [Role Variables](#role-variables)
These variables are set in `defaults/main.yml`:
```yaml
---
# defaults file for bootstrap
# The user to use to connect to machines.
bootstrap_user: root
# Do you want to wait for the host to be available?
bootstrap_wait_for_host: no
# The number of seconds you want to wait during connection test before failing.
bootstrap_timeout: 3
# The number of retries during installation
bootstrap_retries: 3
```
## [Requirements](#requirements)
- Access to a repository containing packages, likely on the internet.
- A recent version of Ansible. (Tests run on the current, previous and next release of Ansible.)
The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`:
```yaml
- none
```
## [Context](#context)
This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information.
Here is an overview of related roles:
![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/bootstrap.png "Dependency")
## [Compatibility](#compatibility)
This role has been tested on these [container images](https://hub.docker.com/u/robertdebock):
|container|tags|
|---------|----|
|alpine|all|
|amazon|2018.03|
|el|7, 8|
|debian|buster, bullseye|
|fedora|31, 32|
|opensuse|all|
|ubuntu|focal, bionic, xenial|
The minimum version of Ansible required is 2.8 but tests have been done to:
- The previous version, on version lower.
- The current version.
- The development version.
## [Testing](#testing)
[Unit tests](https://travis-ci.com/robertdebock/ansible-role-bootstrap) are done on every commit, pull request, release and periodically.
If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-bootstrap/issues)
Testing is done using [Tox](https://tox.readthedocs.io/en/latest/) and [Molecule](https://github.com/ansible/molecule):
[Tox](https://tox.readthedocs.io/en/latest/) tests multiple ansible versions.
[Molecule](https://github.com/ansible/molecule) tests multiple distributions.
To test using the defaults (any installed ansible version, namespace: `robertdebock`, image: `fedora`, tag: `latest`):
```
molecule test
# Or select a specific image:
image=ubuntu molecule test
# Or select a specific image and a specific tag:
image="debian" tag="stable" tox
```
Or you can test multiple versions of Ansible, and select images:
Tox allows multiple versions of Ansible to be tested. To run the default (namespace: `robertdebock`, image: `fedora`, tag: `latest`) tests:
```
tox
# To run CentOS (namespace: `robertdebock`, tag: `latest`)
image="centos" tox
# Or customize more:
image="debian" tag="stable" tox
```
## [License](#license)
Apache-2.0
## [Contributors](#contributors)
I'd like to thank everybody that made contributions to this repository. It motivates me, improves the code and is just fun to collaborate.
- [rembik](https://github.com/rembik)
- [jellevandehaterd](https://github.com/jellevandehaterd)
- [fzarifian](https://github.com/fzarifian)
- [kmonticolo](https://github.com/kmonticolo)
- [CrystalStiletto](https://github.com/CrystalStiletto)
- [infothrill](https://github.com/infothrill)
## [Author Information](#author-information)
[Robert de Bock](https://robertdebock.nl/)
Please consider [sponsoring me](https://github.com/sponsors/robertdebock).

25
roles/robertdebock.bootstrap/SECURITY.md Normal file
View file

@ -0,0 +1,25 @@
# [Security Policy](#security-policy)
This software implements other software, it's not very likely that this software introduces new vulnerabilities.
## [Supported Versions](#supported-versions)
The current major version is supported. For example if the current version is 3.4.1:
| Version | Supported |
| ------- | ------------------ |
| 3.4.1 | :white_check_mark: |
| 3.4.x | :white_check_mark: |
| 3.x.x | :white_check_mark: |
| 2.0.0 | :x: |
| 1.0.0 | :x: |
## [Reporting a Vulnerability](#reporting-a-vulnarability)
Please [open an issue](https://github.com/robertdebock/ansible-role-bootstrap/issues) describing the vulnerability.
Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.
Please consider [sponsoring me](https://github.com/sponsors/robertdebock).

14
roles/robertdebock.bootstrap/defaults/main.yml Normal file
View file

@ -0,0 +1,14 @@
---
# defaults file for bootstrap
# The user to use to connect to machines.
bootstrap_user: root
# Do you want to wait for the host to be available?
bootstrap_wait_for_host: no
# The number of seconds you want to wait during connection test before failing.
bootstrap_timeout: 3
# The number of retries during installation
bootstrap_retries: 3

46
roles/robertdebock.bootstrap/meta/main.yml Normal file
View file

@ -0,0 +1,46 @@
---
galaxy_info:
author: Robert de Bock
role_name: bootstrap
description: Prepare your system to be managed by Ansible.
license: Apache-2.0
company: none
min_ansible_version: 2.8
platforms:
- name: Alpine
versions:
- all
- name: Amazon
versions:
- 2018.03
- name: EL
versions:
- 7
- 8
- name: Debian
versions:
- buster
- bullseye
- name: Fedora
versions:
- 31
- 32
- name: OpenSUSE
versions:
- all
- name: Ubuntu
versions:
- focal
- bionic
- xenial
galaxy_tags:
- bootstrap
- centos
- installer
- server
- system
- oraclelinux
dependencies: []

2
roles/robertdebock.bootstrap/meta/preferences.yml Normal file
View file

@ -0,0 +1,2 @@
---
tox_parallel: yes

8
roles/robertdebock.bootstrap/molecule/default/converge.yml Normal file
View file

@ -0,0 +1,8 @@
---
- name: Converge
hosts: all
become: yes
gather_facts: no
roles:
- role: ansible-role-bootstrap

30
roles/robertdebock.bootstrap/molecule/default/molecule.yml Normal file
View file

@ -0,0 +1,30 @@
---
#
# Ansible managed
#
dependency:
name: galaxy
options:
role-file: requirements.yml
lint: |
PATH=${PATH}
yamllint molecule/default/converge.yml
ansible-lint molecule/default/converge.yml
driver:
name: docker
platforms:
- name: "bootstrap-${image:-fedora}-${tag:-latest}${TOX_ENVNAME}"
image: "${namespace:-robertdebock}/${image:-fedora}:${tag:-latest}"
command: /sbin/init
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: yes
pre_build_image: yes
provisioner:
name: ansible
config_options:
defaults:
stdout_callback: yaml
bin_ansible_callbacks: yes
verifier:
name: ansible

9
roles/robertdebock.bootstrap/molecule/default/verify.yml Normal file
View file

@ -0,0 +1,9 @@
---
- name: Verify
hosts: all
become: no
gather_facts: yes
tasks:
- name: test connection
ping:

28
roles/robertdebock.bootstrap/tasks/assert.yml Normal file
View file

@ -0,0 +1,28 @@
---
- name: test if bootstrap_user is set correctly
assert:
that:
- bootstrap_user is defined
- bootstrap_user | length > 0
quiet: yes
- name: test if bootstrap_wait_for_host is set correctly
assert:
that:
- bootstrap_wait_for_host is defined
- bootstrap_wait_for_host | type_debug == "bool"
quiet: yes
- name: test if bootstrap_timeout is set correctly
assert:
that:
- bootstrap_timeout is defined
- bootstrap_timeout | int >= 0
quiet: yes
- name: test if bootstrap_retries is set correctly
assert:
that:
- bootstrap_retries is defined
- bootstrap_retries | int >= 0
quiet: yes

28
roles/robertdebock.bootstrap/tasks/gather_facts.yml Normal file
View file

@ -0,0 +1,28 @@
---
- name: lookup bootstrap facts
become: no
raw: "cat /etc/os-release"
check_mode: no
register: bootstrap_facts
changed_when: no
vars:
ansible_user: "{{ bootstrap_user }}"
- name: set bootstrap facts (I)
set_fact:
bootstrap_distribution: "{{ item }}"
bootstrap_distribution_major_version: "{{ bootstrap_facts.stdout_lines | join(',') | regex_replace(
'^.*VERSION_ID=\"(\\d{1,2})(\\.\\d{1,4})*?\".*$','\\1') | default('NA') }}"
loop: "{{ bootstrap_os_family_map | dict2items | map(attribute='value') | flatten }}"
when:
- bootstrap_facts.rc == 0
- bootstrap_distribution is not defined
- bootstrap_facts.stdout is regex('PRETTY_NAME=.'~ bootstrap_search[item] | default(item) ~'.*')
- name: set bootstrap facts (II)
set_fact:
bootstrap_os_family: "{{ item.key }}"
loop: "{{ bootstrap_os_family_map | dict2items }}"
loop_control:
label: "{{ item.key }}"
when: bootstrap_distribution in item.value

55
roles/robertdebock.bootstrap/tasks/main.yml Normal file
View file

@ -0,0 +1,55 @@
---
# tasks file for bootstrap
- name: include assert.yml
include_tasks: assert.yml
- name: wait for host
wait_for:
port: "{{ ansible_port | default('22') }}"
host: "{{ (ansible_ssh_host | default(ansible_host) | default(inventory_hostname)) }}"
connection: local
become: no
when:
- ansible_connection is defined
- ansible_connection != "docker"
- ansible_connection != "container"
- bootstrap_wait_for_host | bool
- name: prepare system
block:
- name: test connection
wait_for_connection:
timeout: "{{ bootstrap_timeout }}"
register: bootstrap_connect
changed_when: no
rescue:
- name: gather bootstrap facts
include_tasks: "gather_facts.yml"
- name: install bootstrap packages
raw: "{{ bootstrap_install.raw }}"
register: bootstrap_install_packages
changed_when: (bootstrap_install.stdout_regex in bootstrap_install_packages.stdout and
bootstrap_os_family in ['Alpine', 'Archlinux', 'Gentoo']) or (
bootstrap_install.stdout_regex not in bootstrap_install_packages.stdout and
bootstrap_os_family in ['Debian', 'RedHat', 'Suse'])
vars:
ansible_user: "{{ bootstrap_user }}"
always:
- name: set bootstrap ansible_user
set_fact:
bootstrap_ansible_user: "{{ ansible_user | default(omit) if bootstrap_connect is succeeded else bootstrap_user }}"
changed_when: no
- name: ensure system is prepared
block:
- name: gather ansible facts
setup:
- name: install bootstrap packages
package:
name: "{{ item }}"
state: present
loop: "{{ bootstrap_facts_packages.split() }}"
vars:
ansible_user: "{{ bootstrap_ansible_user | default(omit) }}"

26
roles/robertdebock.bootstrap/tox.ini Normal file
View file

@ -0,0 +1,26 @@
#
# Ansible managed
#
[tox]
minversion = 3.7
# Disabled "next" because of:
# https://github.com/ansible-community/molecule/issues/2626.
# envlist = py{38}-ansible-{previous,current,next}
envlist = py{38}-ansible-{previous,current}
skipsdist = true
[testenv]
deps =
previous: ansible>=2.8, <2.9
current: ansible>=2.9
next: git+https://github.com/ansible/ansible.git@devel
molecule[lint]>=3, <4
docker>=4.2, <4.3
commands = molecule test
setenv =
TOX_ENVNAME={envname}
MOLECULE_EPHEMERAL_DIRECTORY=/tmp/.molecule/{env:image:fedora}-{env:tag:latest}/{envname}
PY_COLORS=1
ANSIBLE_FORCE_COLOR=1
passenv = namespace image tag

70
roles/robertdebock.bootstrap/vars/main.yml Normal file
View file

@ -0,0 +1,70 @@
---
# vars file for bootstrap
_bootstrap_packages:
Alpine: python3 sudo
Archlinux: python sudo
Debian: python3 sudo gnupg python3-apt
Gentoo: python sudo gentoolkit
RedHat: python3 sudo
Suse: python python-xml sudo
Amazon: python sudo
CentOS_7: python sudo
Debian_8: python sudo gnupg
Debian_9: python sudo gnupg
RedHat_7: python sudo
_bootstrap_install:
Alpine:
raw: "LANG=C apk update ; apk add {{ bootstrap_packages }}"
stdout_regex: 'Installing'
Archlinux:
raw: "LANG=C pacman -Sy --noconfirm {{ bootstrap_packages }}"
stdout_regex: ' installing python'
Debian:
raw: "LANG=C apt-get update && apt-get install -y {{ bootstrap_packages }}"
stdout_regex: ' 0 newly installed'
Gentoo:
raw: "LANG=C equery l {{ bootstrap_packages }} ||
(emaint -a sync ; emerge -qkv {{ bootstrap_packages }} ; echo 'changed')"
stdout_regex: 'changed'
RedHat:
raw: "LANG=C yum -y install {{ bootstrap_packages }}"
stdout_regex: 'Nothing'
Suse:
raw: "LANG=C zypper -n install {{ bootstrap_packages }}"
stdout_regex: 'Nothing'
# See URL for available OS families and search queries
# https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/facts/system/distribution.py
bootstrap_os_family_map:
Alpine: [Alpine]
Archlinux: [Archlinux, Antergos, Manjaro]
Debian: [Debian, Ubuntu, Raspbian, Neon, KDE neon,
Linux Mint, SteamOS, Devuan, Kali, 'Cumulus Linux']
Gentoo: [Gentoo, Funtoo]
RedHat: [RedHat, Fedora, CentOS, Scientific, SLC,
Ascendos, CloudLinux, PSBM, OracleLinux, OVS,
OEL, Amazon, Virtuozzo, XenServer, Alibaba]
Suse: [SLED, 'openSUSE Tumbleweed', 'openSUSE Leap',
SLES_SAP, SUSE_LINUX, SLES, openSUSE, SuSE]
bootstrap_search:
Archlinux: 'Arch Linux'
OracleLinux: 'Oracle Linux'
RedHat: 'Red Hat'
# Map the right set of packages, based on gathered bootstrap facts.
bootstrap_packages: "{{ _bootstrap_packages[bootstrap_distribution ~'_'~ bootstrap_distribution_major_version]|default(
_bootstrap_packages[bootstrap_distribution])|default(
_bootstrap_packages[bootstrap_os_family]) }}"
# Map the right install command, based on gathered bootstrap facts.
bootstrap_install: "{{ _bootstrap_install[bootstrap_distribution ~'_'~ bootstrap_distribution_major_version]|default(
_bootstrap_install[bootstrap_distribution])|default(
_bootstrap_install[bootstrap_os_family]) }}"
# Map the right set of packages, based on gathered ansible_facts.
bootstrap_facts_packages: "{{ _bootstrap_packages[ansible_distribution ~'_'~ ansible_distribution_major_version]|default(
_bootstrap_packages[ansible_distribution])|default(
_bootstrap_packages[ansible_os_family]) }}"